PkgRadar

Composer · packagist.org

redeemly-likecard/luckycode-package

Php Base64 Eval Chain: base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload.

Why PkgRadar flagged 2.3.2

SeveritySignalEvidence
highPhp Base64 Eval Chainbase64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · Redeemly-LikeCard-Backend-PHP-9c19b16/vendor/codeigniter4/framework/system/HTTP/URI.php
highPhp Backtick With DecodeBacktick shell-out combined with base64/hex decode. · Redeemly-LikeCard-Backend-PHP-9c19b16/vendor/codeigniter4/framework/system/HTTP/URI.php

Scanned versions

VersionVerdictScoreScanned (UTC)
2.3.2High risk562026-06-08
2.2.0Review32026-06-08

Block this in CI

PkgRadar gates redeemly-likecard/luckycode-package (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem composer redeemly-likecard/[email protected]
Start free — 25 scans / moView full evidence